The digital business is all about speed: the time to develop new products, deliver them to the market, and respond to a change in business conditions or the competitive landscape. Technology is how speed happens, and IT must enable the business to get things done. Automation, agility, elasticity, and flexibility are some of the traits of the modern IT infrastructure, as the increased usage of cloud computing already demonstrates.

Unlike cloud computing, networking and security are painfully incompatible with the cloud-centric and mobile-first business. The network is rigid and static. Security is heavily fragmented across multiple domains of physical locations, cloud resources, and mobile users. Together, networking and security are slowing down the business as silos erected decades ago are stretched and patched to accommodate emerging business requirements.

Networking and security need to become part of the IT platform for the digital business. Don’t take our word for it: Gartner has recently defined a new category that converges network and security into a single cloud-based service: Secure Access Service Edge (SASE). Simply put, SASE is the secure network for the future of your business.

The Challenge: You Can’t Build a Jet from Car Parts

Historically, IT teams solved emerging business needs with point solutions: for example, adding SD-WAN boxes to offload capacity-constrained and expensive MPLS connections to Internet links, or adding firewalls in branches to enable secure direct Internet access. The result of this approach was technological silos, built upon point solutions that are loosely integrated and separately managed.

Ultimately, IT needs to provide consistent performance and strong security, in a cost-effective way, to all business resources, globally. This is an architectural challenge, not a functional problem. It requires eliminating IT silos and ending the use of “point solution patches” to address new business requirements.

It is the realization that IT architecture must evolve beyond the silos and the use of point solutions that is driving the Secure Access Service Edge (SASE).

SASE is a new category defined by Gartner analysts Neil MacDonald (security analyst) and Joe Skorupa (networking analyst). SASE details an architectural transformation of enterprise networking and security that will enable IT to provide a holistic, agile and adaptable service to the digital business. The SASE Cloud service has 4 main characteristics: it’s identity-driven, cloud native, globally distributed, and supports all edges (WAN, cloud, mobile, edge computing).

At the core of SASE is the identity. An identity is attached to every enterprise resource: a person, an application, a service, or a device. It is the identity that determines the true essence of the resource – not its physical location. Identity, as part of a broad and dynamic context awareness, drives the risk and network service profile of every flow, and the resulting mix of authentication methods, threat inspection, and data access authorization. Identity “blindness” is a trait of pure networking vendors; however, identity is “table stakes” with security vendors. The benefit of security and networking convergence is the infusion of identity throughout the access life cycle, from ensuring quality of service to applying risk-driven security controls.

SASE calls for the creation of a network of cloud points of presence (PoPs) which comprise the SASE Cloud. The PoPs run the provider software that delivers a wide range of networking and network security capabilities as a service. The PoPs should seamlessly scale to adapt to changes in traffic load via the addition of compute nodes. The PoP software can be upgraded to deliver new features or bug fixes seamlessly and without IT involvement. The cloud architecture must include self-healing capabilities to automatically move processing away from failing compute nodes and PoPs and into healthy ones.

These capabilities can’t be achieved by spinning up virtual appliances in the cloud, because appliances are designed to serve a single customer (single tenant) and lack the overall cloud orchestration layer to ensure elasticity and self-healing. The approach of service-chaining legacy point products, whether appliances or cloud services, will likely affect service quality and performance.